January 15, 2005

T-mobile cracker also hacks Proportionality with Embarrassment

All the blogs (1, 2, 3) are buzzing about the T-Mobile cracker. 21-year-old Nicolas Jacobsen hacked into the phone company's database and lifted identity information for some 400 customers, and also scarfed up photos taken by various phone users. He sold these and presumably made some money. He was at it for at least 6 months, and was picked up in an international sweep that netted 28 people.

No doubt the celebrity photos were embarrassing, but what was cuter was that he also lifted documents from the Secret Service and attempted to sell them in IRC chat rooms!

One would suppose that he would find himself in hot water. Consider the young guy who tried to steal a few credit cards from a hardware store by parking outside and using his laptop to wirelessly hack in and install a trojan. He didn't succeed in stealing anything, as they caught him beforehand. Even then, the maximum he was looking at was 6 credit card numbers. Clearly, a kid mucking around and hoping to strike lucky, this was no real criminal.

He got 12 years. That's 2 years for every credit card he failed to steal.

If proportionality means anything, Jacobsen is never ever going to see sunlight again. So where are we now? Well, the case is being kept secret, and the Secret Service claim they can't talk about it. This is a complete break with tradition, as normally the prosecution will organise a press circus in order to boost their ratings. It's also somewhat at odds with the press release they put out on the other 19 guys they picked up.

The answer is probably that which "a source" offers: "the Secret Service, the source says, has offered to put the hacker to work, pleading him out to a single felony, then enlisting him to catch other computer criminals in the same manner in which he himself was caught. The source says that Jacobsen, facing the prospect of prison time, is favorably considering the offer."

Which is fine, except the hardware shop hacker also helped the hardware store to fix up their network and still got 12 years. The way I read this message is that proportionality - the punishment matching the crime - is out the window, and if you are going to hack, make sure you hack the people who will come after you to the point of ridicule.

If I were a bad guy, meaning a terrorist, I would look at this and concentrate my efforts into hacking simply for intelligence gathering. The cost of gathering information in this manner is cheap. But what is really interesting is the surprise factor. Imagine, if you will, that an agent of the government is found to have a personal secret, or any person having a secret they do not want released to their loved ones. A love affair, a sickness, any issue that may require a delicate approach to disclosure. So this issue of hacking might take on a different view if it were made personal. The level of theft has been limited to private pictures, email messages from those that are charged with protection, and people's financial information. I suggest that this level of hacking is sponsored by powers not yet made public. Airliners were going down before 9/11 and the World Trade Towers were attacked as well. We have a government that does not tell us anything worth telling and allows secrets to seep out of all sorts of cracks. We are at war and have not been informed of the level of involvement. The issue at hand is the confidence we have in our government's ability to protect us, which should be none. As a native New Yorker I find the government's inability to disclose real fact rather than speculation to other than hackers and others of a secret nature to mean that all things the government is doing are done with a secret agenda. A good case in point is the process of exposing Saddam as a dictator; that case has been made, rightfully so, but to neglect the Chinese government as one of the largest killers of humanity on the planet in order to garner a new trading partner is bullshit. State the facts clearly: Walmart is richer because of the Chinese and Americans are that much closer to the end of this Republic as well. The Chinese have provoked nuclear buildup and proliferation to destabilize oil production.
We speak about hackers and terrorists but fail to mention that Stalin squared is our best friend in the world. We follow the Pied Piper like rats seeking power and trading partners. The insanity of the assumption that we are safe needs to be rounded out to include the favored nations that comprise our trading empire. The lack of secure software that can be hacked is the tip of an iceberg of neglect, one where we fail to hold accountable the government charged with our security. So what do we do? We demonize those that expose our weakness. The hackers are cake walks when compared to what our unfriendly friends will do with information and insecure systems. The government has never suggested the arrest of the software creator or those that sold it or even arrested the government employees who used this unsafe software a la the phone for email. Are we all fools to believe that the world is now safe because we have arrested a hacker? Idiots, idiots, and total jackasses. Wake up you stupid motherfuckers and hold the government accountable, hold the software manufacturers accountable, and finally stop trusting anyone to protect you when it is not in their interest. The whole model rots with un-accountability on the part of the government, manufacturers, and the potential of more evil powers using these flaws. We are naked and are being told we own a fine suit of clothes. Stop, think about who hates us; that includes everyone, not just the Euro dudes, it is the world. Stop, think about how the government understood threats in the past and how all of a sudden we were required to respond with billions when millions would have done earlier on. Stop trusting in anything that cannot be proven; hold every entity accountable.

My point is: why trust anything unless you can make certain of the claim? Since everyone seems to have an escape clause in their contract, why trust anyone? The US aside, when a government gets reelected after having thrown my native location under the bus, it bothers me. When I see hackers arrested I'm supposed to think I'm safe, but I'm not safe and I hope no one else believes they are as well. We are in an unfriendly world of enemies, perhaps even our own government. I should have made it clearer that the Anti-American folks are just as easily found in the White House. You see, I'm from New York and that is who they killed and continue to target. All this shit about hackers, please stop the pretending to protect. Where is the head of Bin Laden? Probably safely sleeping in some resort enjoying the small pleasures of life. I'm only pro New Yorker, I'm not an American. My culture is different than any other place in the world and the government that controls the destiny of the culture I love does not love it, neither do the terrorists. New York will rise from the ashes and this event has made it more a place set aside and to itself. We have been isolated by the Moral Majority and targeted by Islamic Terror, what more can I say. Perhaps Berlin would understand: ripped into four pieces, hated by the west, consumed by the Russians and still unique unto itself, an island replete of culture.

James, you frighten me as a citizen of this country. Paranoia in general is a good thing to have; but like any drug, one should sample it lightly.

The case of the kid parked outside a hardware store is a good example of the level of understanding involved in theft; the hardware store should have secured their network. 12 years for an *attempt*? What evidence was there that the kid actually intended to sniff the numbers? It's more likely that he installed a 'trojan' in order to allow himself access to the system in case the wireless router was secured; to look around and think to himself, "How cool am I to have broken into this store's un-encrypted wireless connection!" Does this sound like someone who would have the temerity and understanding to properly use the credit card data? It's speculation about the kid's motives, but it sounds like he was pretty messy, and was easily caught. This suggests that the security was very lax on the network of the hardware store. Anyone with a wireless card and Windows can connect to a network that isn't secured and do any sort of damage. It takes no real skill at all.

In contrast, this person broke into the T-Mobile customer database, which would take a considerable amount of effort and knowledge. He did this without being immediately apprehended, and was able to actively sell some of the information that he obtained. This took effort on the part of law enforcement to execute. All in all, a much higher level of sophistication on both sides.

Now, that said, if you were with law enforcement, and you had yourself a person that had the ability to commit this level of crime, you'd want them to help you out if you were short-handed. However, if you had some kid that was able to get into an unsecured network easily and managed to bungle things enough to be caught as quickly as he was in those circumstances, he's of no use whatsoever, outside of PR.

As a result, you 'disappear' the information about the useful person, and you make an example of the stupid one. It may not be just, depending upon your point of view, but it does make sense. You use what you have available. Can't hire untested talent for work that you need to be sure on, and you can't really use bumbling kids.

In closing, I'd like to suggest that 'james' read a few books, get off the soap box and onto the topic. To quote Gandhi, "Be the change you would see in the world."

Get off the armchair, General, and make a difference. The world is not out to get you; the fear itself is a tool of control, a way of creating a dependence within a culture in order to pacify them about changes made with a front of 'common good'. You rant on about the terrorists being out to get you, the government being out to get you, and something incoherent about 'Berlin' being torn apart by the west. (By the way, read up on a few fellows named Josef Mengele, Hermann Goering, and Rudolf Hoess; then talk about a 'unique and replete culture'.) You make no relevant points at all, you simply regurgitate everything that's fed to you by the media you consume. Stop rehashing other people's words and ideas, and make a change. Educate yourself.